Yeah, where I am today is really the result of ah, long journey. Um, it started with, you know, communications, engineering and just doing a thing that I thought was fun. But being sitting next to penetration testing team when I was in New York Stock Exchange and volunteering my time with them, um, you know, discovering a new area and experimenting on did realizing that maybe penetration testing wasn't for me, but that cybersecurity itself was actually intriguing. Um, and from there went to, ah, smaller organization, about 125 people when I started and was there working with for someone who had gotten me into the penetration testing team with the New York Stock Exchange but saw cybersecurity very holistically understood that cybersecurity was everything from physical security to risk management. Thio, you know, application, security, security, engineering, security, operations. And you know everything in between. Um, you know, my third week there, I had to learn how to do bug sweeping, you know, So it really the full spectrum of of how cybersecurity works and taking it down and engineering level as well as a political level. And so, you know, I was there for about almost eight years. Um, but it was very formative in terms of what it was what cyber security could be. And this was, you know, in the, you know, early to mid two thousands. Um, so from there went thio Sony, Um, that was after place, say, the PlayStation breach. But before the pictures breach, um, and it was about learning what it was like to do budgeting. Um, you know, when you're when you're thinking strategically, you have to think about how you're going to pay for these things. Um and so learning, budgeting. I got to learn international privacy and meet some very interesting people as a result of, you know, all of the efforts that Sony was putting in from a cybersecurity perspective, which is very unique on dso It kind of started arm me with some information to hire at a larger level, I think automatically and all of these things, it's about how do you brought in the aperture and how do you think about the bigger problem? Cybersecurity is not a technology problem. It's a people problem with technology elements on dso Uh, you know, it's, um, from there I went onto pallets here to the Data Analytics firm on on the business development side for cybersecurity. So, you know, we handled some incident response work as well as solving the big problems. Um, and so you got to see how a lot of different companies in, like, the Fortune 50 we're addressing cybersecurity, Um, which was an interesting, you know, survey of of of the world and understanding what the approaches were and who the leaders were and influencers in that area. Um was there for about a year, and then from there, went on to build a security program at Digital Ocean to the cloud hosting provider, Um, which was an interesting experience building a cybersecurity program in a company whose culture is trust and love eso. It was a transition to trust, but verify and love conditionally, um, but really trying to build out a, uh, that full gamut cybersecurity program that I that I had at at Liquid Net at a small company. But that was international. Had data centers around the world, but no privacy practice. No, uh, you know, general counsel know anything? So it was really a You know, you kind of building your own company to a certain extent within the organization, um, which is a really great experience and and working on, you know, their certification getting them certified and all those fun things while the company was growing very quickly. Um, A to that point was noticing that, you know, cybersecurity and technology teams don't get along very well. Onda trying to understand why on dso I want to be the CEO at Gemini, which the crypto currency exchange in April of 2017 when Bitcoin was at $1000 on was rapidly going up to $20,000 within six months of that. Um, and so, uh, you know, but did not own cybersecurity. So I was in a cybersecurity, important, an important field for cybersecurity. But I did not own cybersecurity on I was the recipient of the cybersecurity team, um, and so quickly got to learn that there's ah, how to talk about the business. Became a very big thing, especially as the CEO. But then, um, understanding that we have CEO and CTO have different operating rhythms than CSOs and security teams. Unless you're doing incident response constantly, security teams are much more, uh, analytical. A little bit longer, longer tail. If the cyber security team doesn't get a project done, the company continues making money. Um, you know it's not a big deal, but the CIA or CTL don't do their job in the company, doesn't make money, and those are very different sets of constraints. Eso is a very interesting learning experience being part of a company. That was, it was 35 people when I joined in about 200 when I left, um, and now work in a company called Coal Fire, which does cybersecurity services work where I get to take the skill sets I have acquired over the last 20 years and use them to help CSOs and leadership teams understand how to think about security as more than an insurance policy and more of a thing that can actually help drive business and drive revenue.

So this rule is a little bit special, right? Visit's kind of It's one where you're working to help CSOs and you're working to help leadership teams think about security strategy. Think about their approach, uh, change the way they're thinking about it. Take a step back and see the forest through the trees. CSOs and and security teams do a lot of called wood chopping very intimately involved with the individual trees. And a lot of times you don't get Thio. Zoom out and see the bigger picture. So my responsibilities are a lot about, um, number one helping the organization itself. Um, uh, show value to our clients. So it's one thing to do a piece of work and throw a report over the wall. It's another thing. Thio bring different pieces of work together and provide unique value, Um, and so that that's part of the rule. Another responsibility is simply just working one on one with CSOs that want Thio experiment or get better or need, you know, need a partner Onda, help them along the way. Eso It's extremely unstructured, Um, but at the same time, I think it's part of what you know. It's an investment in the client that makes things a little bit different. Um, so my top three priorities are really around. You know? What does the future of coal fire look like? Services that we that we might be missing that can help our clients. Uh, the second one is helping our clients on really thinking about it in a, um, product agnostic way, right? Like we're not selling. We're not selling tools and stuff like that. Would you sell services? But even thinking beyond selling those services, what does it really mean? To be best in class and for someone to be excellent at it on been the last one The last responsibility last priority is really just staying on top of everything. Uh, too fast moving field on dso it's ah, it becomes a challenge, Thio to keep track of all the different facets from a cyber security perspective. The work hours are variable. Um, the one. The one great thing is that I don't own any infrastructure, which means that I don't get paged on weekends and whatnot. Eso it's really it's kind of it's a very nice position to be in. So if you think about you know you're going to consulting. If you're not doing things that require you to get paged in the middle of the night, then you have. You sleep very well on, uh, and you get Thio. Enjoy your weekends. Eso It's kind of one of those. It's a nice change compared to what I have had in the past. Um, but it's, you know, it's definitely his trade offs.

So the biggest challenge is air, really Along the lines of, um, getting getting people to see the possibilities we as an industry get sometimes you get very stuck in our ways. We get very, um, uh, calcified in in our approach. And so it's really a matter of saying, Hey, you don't have to keep doing things the same way you've always done them, um and so seeing that and as well as people accepting help, right, I think we're very inclined. Um, you know, the vast majority of cybersecurity professionals are engineers are very inclined to say I can solve this problem. Andi. I think that there's a lot of situations where ah others who solve this problem on a routine basis can solve it faster and for less money and really understanding that that's a thing I think is ah, big challenges. Well, eso I think you know, to me, those are the two biggest pain points is kind of, you know, introducing more flexibility and then also being willing to say, Hey, uh, there are people out there that do X, y and Z for a living. Um, I think the that other That problem also lends itself to the fact that, uh, there are a lot of organizations and a lot of folks in again because we're in an engineering, you know, a lot of engineering mindset of, um I can build that myself. Right, Um and so the question you know, whether that's I'll build my own ticketing system or I will, you know, build my own pen testing platform or whatever that is. I think it's important to be able to take a step back and say, Do I want to do I or my organization or my team or my, You know, whatever I'm doing in life, Is this what I'm supposed to be best in the world at? Is this the thing that is making me better than anyone else? And if it's not and someone else has already decided to make that thing the thing they're gonna be best in the world at, then go find them because they're going to do it better, faster, cheaper than you ever will. Um, and I think that's important. Um, you know, And if there's something that really strongly aligns here, personal mission and someone's already kind of best in the world, that that, then seek them out and join them. I think is the biggest thing. Um, you know, it's really a matter of trying to think that, you know we can. We can do things ourselves because it's important to not get stuck in that mode.I mean, the biggest challenge is, frankly, are the When people are don't want help, right? I mean, obviously, I work at a cybersecurity consulting organization, so we want to help. But when people don't want help, then that becomes a pretty big challenge. Or when folks really wanted to follow what might be a really inefficient path. Andi, I think in the end, it's really about, you know, sometimes there are you have to walk away, right? And just taking another run at the hill doesn't make a ton of sense. Um, but sometimes their hearts and minds, it could be one over, sometimes their allies that you don't know about that, Um, you could turn your attention to in order to get to where you where things need to be. I think that's a I think that's just an important lesson. Overall is, you know, don't just keep banging your head against the wall, try to find an alternate path because they're usually is one. Um, you know, it's just a matter of trying to find it. Sometimes there isn't one of the time to give up and move on to move onto the next thing